security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source
This commit is contained in:
Nasreddine Bencherchali
2023-07-20 14:08:49 +02:00
committed by GitHub
parent 03ec08f933
commit e6003c19cd
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/sysmon/sysmon_file_block_shredding.yml
+1 -1
View File
@@ -1,7 +1,7 @@
title: Sysmon Blocked File Shredding
id: c3e5c1b1-45e9-4632-b242-27939c170239
status: experimental
description: Triggers on any Sysmon file block shredding event. Which should indicates a violation of the shredding policy set
description: Triggers on any new Sysmon "FileBlockShredding" event. Which should indicates a violation of the shredding policy set.
references:
- https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
author: frack113
rules/windows/sysmon/sysmon_file_executable.yml
+1 -1
View File
@@ -1,7 +1,7 @@
title: Sysmon File Executable Detected
id: 693a44e9-7f26-4cb6-b787-214867672d3a
status: experimental
description: Triggers on any Sysmon file executable event. Which should indicates a violation of the shredding policy set
description: Triggers on any new Sysmon "FileExecutableDetected" event. Which triggers every time a PE monitored by the config is created.
references:
- https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
- https://medium.com/@olafhartong/sysmon-15-0-file-executable-detected-40fd64349f36